WEBVTT

00:00.450 --> 00:06.150
A lot of people get surprised when the Security+ covers the concept of wireless access points because

00:06.550 --> 00:13.200
WAPs, while they certainly do have some security issues, we tend to not zero in on just the wireless

00:13.200 --> 00:15.410
access points when we're talking about that.

00:15.420 --> 00:21.060
And unfortunately that's a mistake because there's a lot of issues particularly with your wireless signal

00:21.060 --> 00:23.700
that's getting out that are real security issues.

00:23.700 --> 00:27.570
So let's make sure we understand a couple of things before we get in too deep.

00:27.660 --> 00:33.000
Now the most important thing I want to start off with is the idea of think enterprise.

00:33.000 --> 00:38.490
Now what I've got here in front of me is a good old home wireless access point but it's actually a lot

00:38.490 --> 00:40.910
more than a wireless access point.

00:41.040 --> 00:45.150
If you take a look at this guy you'll see he's actually a built in router.

00:45.240 --> 00:48.720
You see these in people's homes and in small offices all the time.

00:48.810 --> 00:54.800
They're great little boxes but when we're talking about real security we move into a whole other world.

00:54.810 --> 01:00.180
So what I have here is some wireless access points that are a little bit more serious when it comes

01:00.180 --> 01:03.110
to dealing with enterprises.

01:03.150 --> 01:05.480
First one I want to talk about is this beastie.

01:05.580 --> 01:08.100
So this beastie is a wireless access point.

01:08.100 --> 01:14.280
This is a way not to steal the Cisco wireless access point it's actually just been retired here at Total

01:14.280 --> 01:15.330
Seminars.

01:15.330 --> 01:18.970
Now this is what we call a thick client.

01:18.990 --> 01:22.540
This is a standalone wireless access point.

01:22.620 --> 01:31.300
When you take a look at a beast like that what you're talking about is a device that we have to configure

01:31.300 --> 01:37.630
by itself so if I've got three of these up there I've got to go into each one they all have web interfaces.

01:37.630 --> 01:39.660
I'm going to go to each one of these guys.

01:39.790 --> 01:46.480
I'm going to do whatever configuration I need to do and that is a great example of a standalone or a

01:46.810 --> 01:47.920
fat client.

01:47.920 --> 01:51.300
Sometimes you hear the term thick client as well.

01:51.340 --> 01:55.570
What's a little bit more common today in the enterprise environment is something like this.

01:57.430 --> 02:00.700
So what this is is a wireless access point.

02:00.880 --> 02:08.930
It's a lot smaller this type of wireless access point is very different from that big thick client.

02:08.950 --> 02:11.980
This is what we're going to call a thin client.

02:12.010 --> 02:17.130
You don't go into this guy and configure him through a web page.

02:17.140 --> 02:21.790
This guy has to be handled through a controller so it's controller based.

02:21.820 --> 02:27.130
These are actually very very convenient because what I can do a lot of times if I'm setting up a wireless

02:27.220 --> 02:30.700
network for office I'm going to be using the same SSID.

02:30.880 --> 02:35.830
I'm going to be bouncing around different channels so each wireless access point has got a good crisp

02:35.830 --> 02:40.910
signal and I want to configure all these guys we call them hockey pucks you hear that term quite a bit.

02:41.050 --> 02:43.630
And I want to configure them all at once.

02:43.690 --> 02:44.820
So what we'll do.

02:44.820 --> 02:51.160
Like here at Total Seminars, there's a company called Ubiquiti, love you Ubiquiti, that has a wonderful

02:51.160 --> 02:54.850
powerful tool I buy a number of these hockey pucks.

02:54.850 --> 03:02.140
I place them properly and then I plug them in to a switch and through one controller, one piece of software

03:02.410 --> 03:04.810
I set them all up simultaneously.

03:04.810 --> 03:11.350
When you've got a lot of wireless access points the hassle of going through a whole bunch of thick clients

03:11.530 --> 03:16.340
versus just one little thin client controller is much much better.

03:16.390 --> 03:17.090
OK.

03:17.580 --> 03:25.350
So whether you have a fat client a thick client or a thin client a hockey puck you have to deal with

03:25.350 --> 03:26.760
the issue of antennas.

03:26.770 --> 03:32.640
Now if you'll notice pretty much all of these devices have built in antennas ready to go.

03:32.730 --> 03:35.730
And for most of us these antennas are absolutely fine.

03:35.730 --> 03:39.660
This guy here doesn't look like it but he's actually got an antenna too.

03:39.660 --> 03:46.560
However if you need to, many of these wireless access points have the ability to take an external antenna

03:46.560 --> 03:48.350
like this little guy I've got right here.

03:50.050 --> 03:52.570
Put that up there so you guys can look at it.

03:52.720 --> 03:58.030
The idea behind external antennas is that sometimes the built in antennas that come with a wireless

03:58.030 --> 04:04.810
access point don't provide enough signal and signal strength is a big deal with these when we're talking

04:04.810 --> 04:06.640
about signal strength.

04:06.670 --> 04:10.140
We use the term decibels or dB.

04:10.150 --> 04:15.790
So I don't want to get into a big decibels discussion because all you radio guys are going to jump out

04:15.790 --> 04:19.590
of your videos and beat me up because I'm not a radio guy.

04:19.600 --> 04:25.980
The bottom line is when we're talking about dBi what we're talking about is think about like a boost.

04:26.140 --> 04:32.960
How good of a signal does this device have without that antenna or with a built in antenna versus me

04:33.060 --> 04:34.920
adding a stronger antenna.

04:34.920 --> 04:38.920
So in general a larger decibel value is better.

04:38.940 --> 04:41.010
And that's really important for the exam.

04:41.220 --> 04:46.850
OK so next thing I want to talk about are the different physical antenna types.

04:51.060 --> 04:54.060
There's a lot of I mean they all just look like little sticks right.

04:54.060 --> 04:56.060
Well there's actually a lot more to it than that.

04:56.250 --> 05:02.070
It has to do with how the signal is presented so let's go through the basic antenna types. First of all

05:03.190 --> 05:06.130
we have what's called an omni or an omni directional

05:10.350 --> 05:14.760
an omni directional basically looks like a big basketball.

05:14.790 --> 05:18.180
So the signal goes in every possible direction.

05:18.180 --> 05:24.630
You'll see these used out of doors in very very large like in a basketball court or something like that

05:25.440 --> 05:30.160
because everybody no matter which directions point he needs a signal.

05:30.170 --> 05:36.940
Secondly we have what's called a dipole.

05:36.950 --> 05:41.270
Now this little these little antennas here are actually dipoles.

05:41.500 --> 05:46.110
When we say a dipole actually has two little antennas built in this it looks like one antenna.

05:46.120 --> 05:47.410
But there's really two.

05:47.740 --> 05:53.330
A dipole makes basically take a bagel and then stomp on it.

05:53.800 --> 05:57.580
And that's what a dipole signal is dipoles have some real big benefits.

05:57.580 --> 06:03.490
Number one they're really good if you're just trying to shoot around a single floor or if you're just

06:03.490 --> 06:09.190
trying to hit a single level or a deck in a ship or something like that.

06:09.280 --> 06:15.100
The other nice thing about dipoles if you look right here you'll see these dipoles always are bendy like

06:15.100 --> 06:15.630
this.

06:15.820 --> 06:21.250
And the reason they do that is because a lot of times especially with something like this by little

06:21.250 --> 06:26.870
adjustments I could hit maybe of not only the floor I'm on but maybe a second floor as well.

06:27.040 --> 06:35.120
So that's why dipoles are extremely common next are what we call directionals now a directional shoots

06:35.120 --> 06:41.180
out a really long beam so think about like a lighthouse and how a lighthouse shoots out a really long

06:41.240 --> 06:42.820
individual beam.

06:42.860 --> 06:49.670
There are two different types of directionals that we'll see first is going to be what we call a yagi

06:50.540 --> 06:56.300
Yagis look like the antennas you used to see on tops of people's houses and they're designed to pick up and

06:56.300 --> 06:59.180
send a very very pointed signal.

06:59.180 --> 07:03.780
Now if you really want to go crazy about it then we can add what are called parabolics.

07:03.830 --> 07:09.470
So they look like little radar dishes and these things are usually even more powerful than yagis in

07:09.470 --> 07:13.030
general and they're designed for very very long distances.

07:13.280 --> 07:18.680
There's some really interesting competitions where using these types of antennas they want to see who

07:18.680 --> 07:21.900
can shoot the furthest 802.11 distance.

07:21.900 --> 07:25.830
Now they're in the hundreds of miles and they have to shoot from mountaintop to mountaintop.

07:25.830 --> 07:27.360
Yeah they're pretty nerdy.

07:27.530 --> 07:28.010
OK.

07:28.220 --> 07:34.390
There is one more type of antenna that's kind of directional and kind of omni and that's called a patch

07:38.630 --> 07:42.690
a patch is half of an omni.

07:42.770 --> 07:47.940
So what we're looking at is take that sphere and basically cut it in half.

07:48.020 --> 07:54.080
You can even have dipole type patches that will shoot basically half a dipole.

07:54.080 --> 07:56.510
The idea behind these is that these are great.

07:56.510 --> 08:03.680
In fact this guy right here is a patch antenna I can bolt him onto a wall in an office and it'll shoot

08:03.680 --> 08:08.580
out a big signal in one direction and virtually no signal at all at the other direction.

08:08.780 --> 08:13.880
So if I've got an exterior wall and I don't want people in the parking lot trying to get into my wireless

08:13.880 --> 08:18.340
network patches are extremely common.

08:18.910 --> 08:20.660
OK.

08:20.750 --> 08:25.930
The idea behind antennas like this is that you have to place them.

08:26.180 --> 08:29.920
So the questions that you're going to see in the Security+ are actually pretty trivial.

08:29.960 --> 08:36.800
So if you're doing something in a big basketball stadium you'd probably use an omni If you're outdoors

08:36.950 --> 08:43.310
you're probably going to be using some form of dipole if you're going to be placing things against walls.

08:43.310 --> 08:44.540
Look for a patch.

08:44.690 --> 08:49.110
And if you ever have to shoot long distances in particular between buildings and such.

08:49.310 --> 08:54.920
You're always going to be using some form of directional either a yagi or a parabolic.

08:54.920 --> 08:59.210
Also keep in mind that with yagis anything that's directional they actually have to be pointed to each

08:59.210 --> 08:59.710
other.

08:59.810 --> 09:04.070
So don't be surprised if somebody says oh point that to the left or point that to the right so you're

09:04.070 --> 09:06.220
always thinking in terms of direction.

09:06.860 --> 09:07.480
All right.

09:07.580 --> 09:14.180
Now with a good understanding of antennas we've got a good start in terms of our security good antenna

09:14.180 --> 09:19.850
placement controls the signal and make sure that we're not putting it in places where naughty people

09:19.850 --> 09:24.200
can and that's the most important thing to remember when we're talking about the different types of

09:24.200 --> 09:25.200
antennas.

09:25.610 --> 09:30.910
Now I want to stop for a minute and talk about something that's completely different, still in wireless.

09:30.980 --> 09:33.330
Let's take a moment and talk about band selection.

09:37.310 --> 09:45.320
The 802.11 standard has two different bands, the 2.4 gigahertz band and the five gigahertz band.

09:45.460 --> 09:51.110
Now when we're talking about the bands you're going to use it really boils down to the technology that

09:51.110 --> 09:56.570
you want and the relative speeds that you want and how crowded things are.

09:56.570 --> 10:02.630
So what I'm using is a Wi-Fi analyzer built into my phone right here and I'd like to start by just taking

10:02.630 --> 10:06.410
a look on this phone and look how crowded everything is.

10:06.410 --> 10:14.230
This is a mess of the 2.4 gigahertz band. Now 2.4 gigahertz is fine for older 802.11 technologies.

10:14.360 --> 10:20.090
But the real excitement is when you watch it as I switch over as we go into the five gigahertz band

10:20.390 --> 10:27.020
now in this case the 5 gigahertz band isn't nearly as crowded and especially with technologies like

10:27.050 --> 10:32.750
802.11ac you're pretty much going to want to go to the five gigahertz band every now and then you'll

10:32.750 --> 10:37.550
see somebody supporting 2.4 and that's if somebody comes in with a really old laptop or something like

10:37.550 --> 10:37.790
that.

10:37.790 --> 10:40.430
So five gigahertz band is where it's at.

10:40.490 --> 10:47.880
The challenge with the five gigahertz band is how do you deal with your channel width. Now with 2.4 gigahertz.

10:47.960 --> 10:53.540
You have very specific channels and on wireless access points you can often set that channel very commonly

10:53.570 --> 10:58.280
today with the more common standards in the five gigahertz band.

10:58.280 --> 11:05.450
It's rare to run into wireless access points that allow you to manually configure the channel and there's

11:05.450 --> 11:06.720
a good reason for that.

11:07.830 --> 11:13.230
A wireless access point today has auto sensing features and if it senses that a particular channel

11:13.230 --> 11:17.370
is really really crowded it's just going to go ahead go someplace else.

11:17.370 --> 11:22.080
And we like that feature so automated channels on five gigahertz is common.

11:22.080 --> 11:27.680
However there's something else that is not common and that is channel width. Now

11:27.720 --> 11:33.420
When you take a look at the different types of channels in the five gigahertz band you have 10 megahertz

11:33.420 --> 11:42.240
wide, 20 megahertz wide, 40 megahertz wide and ginge and in general the wider the channel the better

11:42.240 --> 11:46.740
the throughput you're gonna get, especially when you're using more advanced technologies like MIMO

11:47.010 --> 11:49.010
with 802.11ac.

11:49.050 --> 11:55.140
The downside is and let's take a look at the screen one more time is that if you take a look here you

11:55.140 --> 11:57.420
can see where it says total Wi-Fi studio.

11:57.540 --> 11:59.950
Look how wide that channel is.

11:59.970 --> 12:05.760
We've done that on purpose because when I originally set this up there wasn't anybody else in here and

12:05.760 --> 12:07.230
I had this amazing throughput.

12:07.230 --> 12:13.620
So and as I'm watching this I realize that I'm going to have to go into my wireless access points and

12:13.620 --> 12:19.620
narrow that channel width so that they can find an easier place to auto hop into that isn't quite so

12:19.620 --> 12:20.640
terribly crowded.

12:21.550 --> 12:26.550
So that's what we need to cover for the Security+ on wireless access points for me.

12:26.550 --> 12:31.660
Number one I'm always going to prefer a thin controller based client over a fat client especially if

12:31.660 --> 12:34.190
I have two or more wireless access points.

12:34.450 --> 12:40.210
I'm going to take a lot of time not only selecting my antennas but also making sure that the antenna

12:40.240 --> 12:44.950
placement supports just my users and nobody else.

12:44.950 --> 12:50.560
And third I'm going to take the time with my band selection and my channel width to make sure that I've

12:50.560 --> 12:54.090
got the best possible signal I can get.
